Compatible (unified?) configuration script

noncesense-research-lab / archival_network

Investigating the frequency of alternative blocks, reorganizations, potential double-spend attacks, selfish mining, and more.

MIT License

14 stars 7 forks source link

Compatible (unified?) configuration script #37

Open Mitchellpkt opened 6 years ago

Mitchellpkt commented 6 years ago

When current MAP_VPS_setup.sh script is executed on a fresh Debian install, User map is not added to sudoers (maybe this is intentional, but configuring monerod-archive requires a sudo to write in /opt

It would be ideal if the MAP_VPS_setup also pulls down and places the monerod-archive binary in the appropriate location.

The MAP_VPS_setup.sh could also wget the archival daemon configuration script to create the directory and configure monerod-archive as an auto start service, as mentioned in #36

Mitchellpkt commented 6 years ago

Ideally the unified script would extend SerHack's install script:

sets the hostname
creates user map (with sudo privileges?)
creates /usr/bin/monero directory
adds said directory to path
downloads & extracts Monero linux64 code
downloads & extracts monerod-archive patch
carries out necessary archival daemon configuration (e.g. cleates /opt subdir for output, and sets up monerod-archive as a service)

Mitchellpkt commented 6 years ago

@neptuneresearch has ideas for a firewall and more advanced security measures?

neptuneresearch commented 6 years ago

Just to let you know that I've been working on:

monerod-archive conf file - Done and running on Tokyo
systemd service file for monerod-archive - In progress, the file is written but the implementation needs troubleshooting
Extended MAP node install script/guide - In progress
Firewall - I have added a firewall to Tokyo, it is working well

Tokyo Setup FYI you can check firewall configuration:

sudo ufw status verbose

The daemon start command on Tokyo is now:

sudo ~/map/launch-v7-sudo.sh

This starts the archive daemon in the same way the systemd service will, which is (1) as root user (2) with the Monero conf file located at

/etc/monerod-archive.conf

Per the new Monero conf file, the daemon log is now located at:

/var/log/monerod-archive.log

Definitive solution and documentation is forthcoming.

neptuneresearch commented 6 years ago

Note that the temp setup above switches Monerod over to running as root, I think under systemd it would run as root too? but we've proven it works under "map" non-root account, so maybe final solution should be non-root.

wherein, I think we would just need to add permissions for "map" to the files it uses:

/usr/bin/monero
/etc/monerod-archive.conf
/var/log/monerod-archive.log
/opt/monerodarchive/archive.log

Mitchellpkt commented 5 years ago

monerod-archive as service SSH Log rotate

neptuneresearch commented 5 years ago

Mostly done

https://github.com/Mitchellpkt/monero_archival_project/wiki/MAP-VPS-Setup

TODO: logrotated configuration

serhack commented 5 years ago

@Mitchellpkt I'm just wondering why you did not assign me that ;) haha!

serhack commented 5 years ago

As soon as we have logrotated configuration, I could set up a time where I can do some maintenance. So every VPS will have the same configuration!

neptuneresearch commented 5 years ago

Logrotate for monerod: I found monerod already rotates its logs by itself.

I have added max-log-files=0 option to /map_vps_setup_files/monerod-archive.conf so that this rotation never ends, as the default value for this option is 50.

That should be it. The default log file size (monerod option max-log-file-size) is 104,850,000 bytes. @IsthmusCrypto Is that OK or is a different size limit desired?

Logrotate for the archive output file: 90% done

neptuneresearch commented 5 years ago

Logrotate for monerod: I forgot we still need compression. Maybe monerod rotation + logrotated compression, i.e. logrotate targets another location, and the prerotate script initializes it by moving monerod's rotated logs in.